This group is the default community for every Energy Central registered member. We discuss and share a variety of topics related to the global power industry. 

WARNING: SIGN-IN

You need to be a member of Energy Central to access some features and content. Please or register to continue.

Post

EnergySec Observations on NERC Cybersecurity Compliance

EnergySec 2017 Summit

Recently, I had the opportunity to attend EnergySec’s 13th Security and Compliance Summit. It was refreshing and encouraging to see such a dedicated, diverse group of people intent on making our lives safe and secure.

I attended a number of presentations and had many conversations with people who are working every day to prevent cybersecurity attacks from all angles. They are implementing security compliance programs, developing software, securing hardware and networks, educating people, conducting cybersecurity intelligence and more.

Compliance and Doing the Right Thing

Compliance is what entities are required to do in order to meet regulatory requirements to avoid consequential penalties. Remarkably, one recurring theme I heard is that the majority of people and organizations want to “do the right thing” to make their companies secure. In contrast to simply being in compliance with regulations or to avoid fines, they want to be as secure as they can be.

To that end, entities are working to create an environment where being safe and secure are priorities that permeate all areas of the business. They are implementing compliance management software to automate cybersecurity, provide an end-to-end view of compliance and drive success.

NERC Cybersecurity Compliance Challenges

One of the challenges that utilities face is ever-changing NERC cybersecurity compliance regulations. Frequently, compliance requirements change multiple times within an audit or review period. Utilities must stay ahead to prepare for impending changes to ensure that programs are in place in advance of the regulation.

Consequently, the best way to mitigate the impact of rapid changes is to create that environment of “doing the right thing.” From that standpoint, the entity is likely to meet regulatory requirements in advance of the actual change with less stress and better quality.

Conclusion

A critical factor for energy entities to be compliant today, tomorrow, and to “do the right thing,” is to select the right compliance management software.  Software should be robust to enable compliance, but ultimately, extend beyond that to support the “extra mile” that these entities are willing to go. Software should also be flexible, configurable, scalable, and able to rapidly adapt to future needs not yet known.

Many energy and utility entities have implemented AssurX’s NERC Compliance Management Solution to manage operations, identify risks, and demonstrate compliance across all critical operations.

Kathryn Wagner's picture

Thank Kathryn for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.

Discussions

No discussions yet. Start a discussion below.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »